From jhkang@ai.ce.pusan.ac.kr  Wed May  9 23:38:39 2001
Return-Path: <jhkang@ai.ce.pusan.ac.kr>
Received: from ai.ce.pusan.ac.kr (ai.ce.pusan.ac.kr [164.125.68.75])
	by hub.freebsd.org (Postfix) with ESMTP id 5847D37B424
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  9 May 2001 23:38:38 -0700 (PDT)
	(envelope-from jhkang@ai.ce.pusan.ac.kr)
Received: by ai.ce.pusan.ac.kr (Postfix, from userid 1001)
	id 9066D2C0A; Thu, 10 May 2001 15:38:20 +0900 (KST)
Message-Id: <20010510063820.9066D2C0A@ai.ce.pusan.ac.kr>
Date: Thu, 10 May 2001 15:38:20 +0900 (KST)
From: jhkang@isofree.net
Reply-To: jhkang@isofree.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: SIGHUP propgation failure to processes of switched user
X-Send-Pr-Version: 3.95

>Number:         27242
>Category:       kern
>Synopsis:       SIGHUP propagation failure to processes of switched user and the command may run infinitely
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    ceri
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 09 23:40:03 PDT 2001
>Closed-Date:    Sun Jun 08 11:01:39 PDT 2003
>Last-Modified:  Sun Jun 08 11:01:39 PDT 2003
>Originator:     Jaeho Kang
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
isoFree System Technolgoies. Co., Inc.
>Environment:
System: FreeBSD delta.isofree.net 4.3-STABLE FreeBSD 4.3-STABLE #3: Wed May 2 22:15:41 KST 2001 jhkang@delta.isofree.net:/usr/obj/usr/src/sys/DELTAKERNEL i386

>Description:
        Top utilitiy and may other utiltities that control terminal directly
        and does not have explicit checking eof condition may not
        die and captures cpu resource continuely
        if an user switched another user, run the command and the controlling terminal
        disconnected unexpectedly.

>How-To-Repeat:
        login in a system.
        switch to another user with su command.
        run a command (top, lynx or w3m, ...) that control terminal directly
          and does not have explicit checking eof (or error?) of input stream.
        disconnect the terminal by force. (may be telnet client)
        monitor cpu time usage (e.g. with another top utility)

>Fix:
        APPLICATION LEVEL SOLUTION
        check EOF condition in command reading loop.
        patch top.c (/usr/src/usr.bin/top/top.c in FreeBSD 4.3) as following

        bash2.05# diff top.c.orig top.c
        671a672
        >                   int retval;
        679c680,688
        <                   (void) read(0, &ch, 1);
        ---
        >                   /* 2001/05/09 - jhkang */
        >                   /* SUMMARY: patch for an abnormal behavior (infinite
        loop) */
        >                   /* SITUATION: unexpected disconnection running on root
        account */
        >                   /* SOLUTION: add eof condition test */
        >                   /* (void) read(0, &ch, 1); */
        >                   retval = read(0, &ch, 1);
        >                   if (retval == 0) {
        >                       quit(0);
        >                   }

        the patch file is available at
        http://ai.ce.pusan.ac.kr/~jhkang/files/patch.top.infinite-loop.20010509.jhkang.patch

        KERNEL(?) LEVEL?
        I suspect something is blocking propating of SIGHUP signal to the processes.
        The charge may be *kernel*, su or termcap lib.

        This problem also occure FreeBSD 3.5-STABLE/i386, NetBSD 1.4.1/macppc.
>Release-Note:
>Audit-Trail:

From: "Jaeho Kang" <jhkang@isofree.net>
To: <freebsd-gnats-submit@FreeBSD.org>, <jhkang@isofree.net>
Cc:  
Subject: Re: kern/27242: SIGHUP propagation failure to processes of switched user and the command may run infinitely
Date: Thu, 10 May 2001 16:38:32 +0900

 Follwing patch for kernel may help to solve the problem.
 I could not guess side effect (e.g. security hole) of this patch.
 
 vm-freebsd# pwd
 /usr/src/sys/kern
 vm-freebsd# diff kern_sig.c.orig kern_sig.c
 97a98
 >  * 20010509 - jhkang - add SIGHUP propagation via session (terminal?)
 101c102
 <       ((sig) == SIGCONT && (q)->p_session == (p)->p_session))
 ---
 >       (((sig) == SIGCONT) || ((sig) == SIGHUP) && (q)->p_session == (p)->p_session))
 
 the patch is avaliable at
 http://ai.ce.pusan.ac.kr/~jhkang/files/patch.kern.infinite-loop.20010509.jhkang
 
 ---
 Jaeho Kang jhkang@isofree.net
 
 

From: Bruce Evans <bde@zeta.org.au>
To: jhkang@isofree.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/27242: SIGHUP propgation failure to processes of switched
 user
Date: Thu, 10 May 2001 20:08:31 +1000 (EST)

 On Thu, 10 May 2001 jhkang@isofree.net wrote:
 
 > >Description:
 >         Top utilitiy and may other utiltities that control terminal directly
 >         and does not have explicit checking eof condition may not
 >         die and captures cpu resource continuely
 >         if an user switched another user, run the command and the controlling terminal
 >         disconnected unexpectedly.
 > ...
 > >Fix:
 >         APPLICATION LEVEL SOLUTION
 >         check EOF condition in command reading loop.
 >         patch top.c (/usr/src/usr.bin/top/top.c in FreeBSD 4.3) as following
 > ...
 >         KERNEL(?) LEVEL?
 >         I suspect something is blocking propating of SIGHUP signal to the processes.
 >         The charge may be *kernel*, su or termcap lib.
 
 I believe SIGHUP propagation works as intended (if not correctly).  There
 are cases where POSIX requires SIGHUP to _not_ be delivered to all the
 children.  Applications that don't check for read() failing are just broken.
 
 Bruce
 
State-Changed-From-To: open->feedback 
State-Changed-By: iedowse 
State-Changed-When: Sun Nov 3 10:04:02 PST 2002 
State-Changed-Why:  

This looks like a bug in `top' that was fixed quite a while ago. Can 
you confirm that the problem is fixed in more recent releases? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27242 
State-Changed-From-To: feedback->closed 
State-Changed-By: ceri 
State-Changed-When: Sun Jun 8 11:01:36 PDT 2003 
State-Changed-Why:  
Feedback timeout (6 months or more). 
I will handle any feedback that this closure generates. 


Responsible-Changed-From-To: freebsd-bugs->ceri 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Sun Jun 8 11:01:36 PDT 2003 
Responsible-Changed-Why:  
Feedback timeout (6 months or more). 
I will handle any feedback that this closure generates. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27242 
>Unformatted:
